Radius and the Novell Client

Is there any capability for the Novell Client to use radius authentication.
We're putting in Cisco Clean Access and we'd like a pass through
authentication. Clean Access already uses LDAP/eDirectory for
authentication. We're not crazy about using Secure Login as that has seen
more than afew issues for us.
Any ideas? Perhaps a BorderManager widget somewhere?

> Is there any capability for the Novell Client to use radius authentication.
>
And what has thid got to do with Queue-based printing?? ;)
Try the client forum.
- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)
Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement
Using VA 5.51 build 315 on Windows 2000 build 2195

Similar Messages

WWW Location of the Novell Client for XP supporting IP Gateway Services

When connecting Windows XP workstations to the SBS 6.0 server through the
Novell Client 4.9SP1a for Windows XP, there are no services within 4.9
for IP Gateway included. As many of you know, by using BorderManager as
the Firewall/NAT/IP/IPX Gateway to access the Internet, all workstations
accessing the Internet need the IP Gateway service installed with the
client. The Novell Client CD-ROM shipped with the Novell SBS 6.0 media
has clients for Windows NT/2000 (outdated) but none are compatible for
Windows XP (it appears that Novell had not updated their Novell SBS 6.0
media since they started shipping it). In addition, the online
documentation included with the media is outdated (e.g. BorderManager 3.6
docs for BorderManager 3.7 being shipped) and do not mention anything
about configuring Windows XP clients for Novell IP Gateway services.
I have thoroughly looked within Novell's Support site the past few weeks
for:
+ The original Novell Client 4.9 (prior to support packs) to see if that
version of the client has IP Gateway services included (file not found or
listed).
+ Previous Novell Clients for Windows XP to see if those versions support
IP Gateway services. (Support Pack versions only are listed, but no
original versions, and do not contain Novell IP Gateway services).
+ Any instructions or tips for configuring the Novell IP Gateway services
within the Novell Client 4.9 or earlier versions for Windows XP(documents
are non-existent).
All of the above leads the following question:
Can someone please direct me to the location to where the proper
Novell Client for Windows XP supporting Novell IP Gateway services?
Since Windows XP has been around for a few years now, one would think
Novell would have developed a client for it that possesses Novell IP
Gateway services by now to be used with BorderManager. Correct? If so,
where is it? In addition, one would think Novell would include the media
supporting the current software they are shipping, not outdated ones.
(Or at least, ensure their outsourced sales services are doing so.) In
addition, one would also think Novell would at least provide the
necessary tools/files necessary to at least to have the ability to
install their products out of the box - instead of forcing their
consumers to purchase unnecessary additional support services for
something they should have included within their media package or website
at the start.
Nevertheless, I appreciate any input where to find the appropriate Novell
Client for Windows XP supporting Novell IP Gateway services.
Thanks,
EricV

In article <cb60c.5596$[email protected]>, wrote:
> As many of you know, by using BorderManager as
> the Firewall/NAT/IP/IPX Gateway to access the Internet, all workstations
> accessing the Internet need the IP Gateway service installed with the
> client.
>
This is simply not correct. Novell has not been providing IP gateway
functionality within Client32 for a long time, because it is not needed,
and it had serious limitations.
I haven't had a client using IP Gateway for many years now, and I have a
*lot* of BorderManager clients.
The alternative to IP Gateways is a combination of proxies and NAT w/filter
exceptions.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Why not jdeveloper creates the persistance unit and the session client and

why you do not create the persistance unit (outside) and the session client and ...the interface and other required opjects automatically when I create the application or the project?
why you are using symbols like AFD, JSF, JSP, JPA,.JEE...and tens more, why you do not use a meaningfull names of these process symbols.
Thanks
Ali

Asalman,
I'm quite happy the JDeveloper behaves the way it does. Why? Because in most of my scenarios I don't want to be driven in a particular direction of development. This my choice of development and I don't like tools that dictate this to me.
--olaf

Can the Novell Client be virtualised?

I was wondering if it would be possible to virtialise teh Windows 7 version
of the Novell Client or even version 4.9 for XP?
Thomas

Originally Posted by Thomas Roberts
I was wondering if it would be possible to virtialise teh Windows 7 version
of the Novell Client or even version 4.9 for XP?
Thomas
As far as I know... no. To many complexities there where connections on workstation level are considered as well as getting pass-through to work in a decent fashion.
But if others have found ways... I'm all ears too :)
-Willem

Intune, SCCM, and the Intune client installer

Hello,
Was wondering if there is a way to prevent users from Installing the Windows Intune Client agent?
Scenario:
SCCM 2012 R2 with integrated Windows Intune subscription. I have successfully enrolled an iPad and a Windows 8.1 computer. I was then able to download and install the Windows Intune Client agent on my Windows 8.1 device which redirected my device
to being managed by Intune exclusively, and no longer via SCCM. It also changed my System Center Endpoint Protection to Intune Endpoint protection. The only way to get it back was to go to the Intune Management Console and retire the device, which
triggers an uninstall of the Intune client. The good news is that it restored the previous information for the SCCM/Intune enrollment. However...
A significant and unfortunate side effect of this is that Endpoint protection was also removed as part of the Intune client uninstall leaving the computer without Anti-malware protection.
I would like to prevent this from happening for obvious reasons. In a BYOD scenario the user will have the permissions locally to do this and given its the same subscription for Intune there doesn't appear to be a way to ensure they cannot.
Am I missing something simple here?
Thanks!

I guess a couple of data points:
- Enrolling a Win 8.1 system using OMA-DM for management by ConfigMgr via Intune does not provide additional anti-virus above or beyond the built-in Windows Defender
- Removing the Intune agent reverts the system back to using Windows Defender the same as it was before Intune was installed
So, I would say that first, this statement is inaccurate: "leaving the computer without Anti-malware protection". And, also, there's no difference between the two states of pre-Intune agent installation and post-Intune agent uninstallation from an AV perspective.
As for explicitly preventing the Intune agent installation, obscurity is probably the the only way to go at this point to my knowledge -- simply don't tell folks about it or how to find it.
Jason | http://blog.configmgrftw.com

LogMeIn Deployment/Installer and the Persistent Client Install is Frustrating

Every single time the installer runs, it installs the LogMeIn Client. This makes absolutely no sense at all. The Deployment/Installer is intended to be run on HOST systems. HOST systems -- by definition -- don't need the Client. You can suppress the display of the Client after the install by adding "FORCEDISPLAYCLIENT=0" to the command line for the MSI Installer (I use it in a batch file). The Client still installs, but it hides the install. That said, so it's not really any use in solving the problem. What's even more firstrating is that if you manually remove the "LogMeIn Client" in the Start Menu (for All or individual users), it returns on the next reboot. Why install the Client and then persist in making sure it remains available to the HOST system users? This has been going on for at least two years, and so far nothing, nada, zilch, zip, bupkiss from LogMeIn on a solution.

One idea I had was to change the permission for the program so that even if a user clicked on it it wouldn't run, but that just produces another phone call, "Why can't I run this program? What's the password?". Come on, LMI! Do something about this!

Performance Monitoring and the Web Client

I am a project manager managing a large infrastructure upgrade with a migration of existing VMs.
I want to understand how my current VM are performing and the tool I have is the vSphere Web Client 5.1.
I want to get more trending data on disk I/O and Network use.....I cannot get this data with this tool.
I do not have access to the host to run the command line tools. What can I do? I also do not want to buy VCOPs either.

Hello dfery123,
Have you tried Monitoring Inventory Objects with Performance Charts (vSphere 5.5 Documentation Center - Monitoring Inventory Objects with Performance Charts)?
Regards,
Todor

JCA and the common client interface

Hi.
(I may have posted this question in the wrong forum but, this seems to be the most active and more likely to atract the opinion of a few experienced developers)
I wanted to ask the opinion of some of the more experienced developers... preferably those who have had experience integrating heterogeneous EIS/data sources into a common portal.
This concerns Sun's JCA specification (available at: http://java.sun.com/j2ee/connector/index.jsp), particularly the CCI (common client interface) - chapter 15 - which defines a set of interfaces which EIS providers should support.
Has anyone made any effort to upcast SAP interfaces to these 'standardised' interfaces?
If so... are there any limitations/additional complication which other developers need to consider if they wish to employ this practice?
If Not... Does this not defeat the objective of the JCA?

Asalman,
I'm quite happy the JDeveloper behaves the way it does. Why? Because in most of my scenarios I don't want to be driven in a particular direction of development. This my choice of development and I don't like tools that dictate this to me.
--olaf

Windows xp and the Oracle8 client software v 8.0.5..0.0

How do I install just the Oracle ODBC drivers on Windows XP
I would like to access a remote Oracle database on my network via ODBC
from Access XP.
I want to know if Client Oracle 8 and ODBC drivers are compatible with windows XP
I am new to Oracle, so any assistance you can provide will be
greatly appreciated.
Sorry for my english

Since XP wasn't around when the 8.0.5 client was released, it's probably not certified on XP. I suspect it will probably work, but there's no guarantee that there won't be subtle problems.
Is it possible for you to use a more recent version of Oracle. 9i may support XP.
Justin

Novell Client help

I just finished setting up my tree in edirectory and Imanager. I installed Novell Client and when I went to login it said the tree couldn't be found.
It is frustrating because I don't know what's wrong.

The Novell Client installation after eDirectory may have broken eDirectory
if it's all on windows. eDirectory uses a new version of NICI, and the
Novell Client may still ship with an older one. Also, the Novell Client
typically installs NICI in client mode (of course) where eDirectory
requires it to be in server mode, and while the client can live in server
mode, the server cannot run in client mode.
I won't bore you, again, with my comments on platform choice. You're in
for a ride as you can see.
Hopefully you're in a VM and can revert a snapshot. Otherwise you may
want to call support to see if they can help fix this. There may be a TID
by now on this, but I haven't seen one lately. You may be able to
reinstall eDirectory, but on windows the eDir install both installs the
binaries that run the service as well as configure a tree, so you may need
to recreate the tree for this to work.
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Deploy novell client

For a customer i've set up ZLM, OES and SLED.
- what is the easiest way to distribute the novell client?
currently i have created a rpm bundle, containing all rpm's on the novell client cd.

lowalcohol,
... but to be honest... I do not want the client, I want to use centrally managed login scripts, to map samba/ncp shares...
that is one of the things the Novell client allows you to do. You define the login scripts once in edirectory and the Novell clients, independent where they are, use them when they login. Okay it depends if you have logical structures in edirectory and different sites, then you might need them twice or more times, but it is a perfect solution you can manage from a central point.
So to your question ...
When I check as a sample the SLED 11 Novell client, I see that the installation media is already usable as a installation source.
So one option might be to use a remote execute policy to add it as a zypp source temporarily via "rug sa -t zypp <network path to the client> NWCL" on each client and trigger the installation. The problem is that it is not only a instalaltion of rpm packages, there is a yast module that does all the configuration for the novell client afterwards. I don't know if there is a console command that does all the same. In other cases the configu files must be collected that are touched by yast and then the remote execute policy should do the same.
A second option would be to put all rpms into a bundle and then use the post installation script to make all the additional system configurations that were done via yast.
So far this seem to be the two options you can choose from ...
What do you think ?
Rainer

Wireless Security and Novell Client

To all,
I am currently looking to upgrade our existing Network Infrastructure toa secure 802.11b network and we have purchase Cisco Secure ACS. We plan to use LEAD with our system and require a radius sign-on using our Novell Client. The problem I have is planning this and how I can setup the workstations. We use ZEN Works for our management of workstations and this means that the Novell client must be the primary sign-on. How can I get the Novell client to be the primary sign-on and still use LEAP? The Novell client requires a network connection before it can bring up a login screen. Any thoughts or tips would be greatly appreciated. Have a great day!
Adam Osterholt
Network Manager
The Children's Medical Center
Dayton, OH

We have the same configuration here at my place of work (Novell, ACS, ZEN,etc). In my testing it depended on the OS that the client was using. On the win95/98 clients I had to set the primary login to the Novell client but save the LEAP user name and password in the wireless profile within the ACU on the client. During the client boot up, the LEAP username logs in automatically and the Novell login screen appears for login. I could not get it to work properly with prompting the user to enter their LEAP username/password. This process only work as login as my ACS server database was local to the ACS server. If the ACS server is set to use an NT domain as its user DB the LEAP auto-login did not work....
I did not have this problem with win2000 or winXP clients.
Hope this helps.
Rob

Login intermittently slow with ZCM agent AND Novell client

We continue to struggle with intermittently slow logins in our environment. In testing, we noticed that logins are very fast (10-20 seconds) when only the Novell Client is installed, and very fast (~10 seconds) when only the ZCM agent is installed. However, when they are both installed, logins slow down, sometimes to 1.5 minutes or longer.
We have checked DNS and rDNS, and they are both configured properly. SLP is working properly as demonstrated by the fast logins when only the client is installed. We use LDAP for user lookup, and it also works very fast to resolve user names (~ 1 second).
We are using ZCM 10.3.1, and the client is fully patched as well (both Novell Client 2 and 4.91)
Are there any specific settings (for the ZCM agent or the client itself) that might address this issue?

My apologies, I told you to remove the wrong thing.
I should have said NMAS instead of CASA.
I am just so used to saying CASA when talking about ZCM.
In regards to NMAS, you could simply rename "NWSSO.DLL" as a test.
If NMAS is installed which is tested by the existence of this DLL, then
a certain NMAS call is always made, which in some cases can take a long
time.
On 11/9/2010 12:06 PM, dshofkom33 wrote:
>
> craig_wilson;2042688 Wrote:
>> Try removing CASA from the device and see if that makes a difference.
>> A TID will be out on the issue soon.
>>
>> On 10/5/2010 4:36 PM, kjhurni wrote:
>>>
>>> Hmm, I will have to try that. I've only observed that with ZCM
>>> installed (with Novell Client 4.91 SP5 on XP) that the login time
>> goes
>>> from about 12-15 seconds to about 50-70 seconds.
>>>
>>> But I've not tried "just" the ZCM agent.
>>>
>>>
>>
>>
>> --
>> Craig Wilson - MCNE, MCSE, CCNA
>> Novell Knowledge Partner
>>
>> Novell does not officially monitor these forums.
>>
>> Suggestions/Opinions/Statements made by me are solely my own.
>> These thoughts may not be shared by either Novell or any rational
>> human.
>
> I removed CASA and now I cannot sign into ZCM. I get the "unable to
> login to network because the login credentials are incorrect" Windows
> Security Message. Any ideas?
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

DHCP Conflict between ZfD 4 Agent and Novell Client

I am having problems with the use of Novell Client versions that support
DHCP settings tab (Tree, Context, Server).
This is in this board because my problem is only reproduced when ZENworks
for Destkops 4 (IR5 and IR7) Workstation Management component is installed.
THe problem is this:
Every now and then, logging in with the novell client displays 886f errors
in the login results window, and other strange communication errors.
If I release and renew the IP, it works fine after that.
If I reboot, there is a chance I get the same problem.
This absolutely does not happen when I have the two options for DHCP
settings in the Novell Client unchecked (Server->Binary Data).
Now, is ZfD Workstation Manager getting the Preferred Server IP from DHCP
as well during system startup? Is this clear? Happens on both Windows
2000 and Windows XP.
I have no access to the router serving DHCP so I don't know the details on
that end.

There was (is?) a conflict that is supposed to be solved,
but I'm not 100% convinced that is true. Since I always
use Client32 I remove novdhcp.dll in my ZfDAgent transform,
even now with ZDM7 because I've seen the "semaphore" error
there too if I don't.
See:
http://support.novell.com/cgi-bin/se...?/10090994.htm
http://support.novell.com/cgi-bin/se...?/10093676.htm
http://support.novell.com:80/cgi-bin...?/10091089.htm
Regards
Rolf Lidvall
Swedish Radio (Ltd)

Novell client for linux - scripted install and configure

the novell client is included in SLED11 SP1
the configuration files are in /etc/opt/novell/ncl (esp login.conf)
I want to script the configuration of the novell-client. Some of the things the interface yast - Novell client does, is:
modify /etc/pam.d/gdm
create /lib/security/pam_ncl_autologin.so
... and maybe more....?
according to Novell Documentation there should be a make_novell-client-conf_rpm Bash script but i cant find it in any of the recent clients (download) nor on the SLED installation.
I think just copying pam.d files and the .so file will work, but might cause troubles in the long run.
What should i do to create these by script?

Originally Posted by lowalcohol
assuming this will do the same as installing it from yast - software, the client is not configured (tree, context, slp) and lacks key files such as /lib/security/pam_ncl_autologin.so needed for integrated login.
/lib/security/pam_ncl_autologin.so is updated by the post processing inside the rpm's. We don't need to do anything. however there is much to do. i'll show what i do. You need to change the variables and entries to suit your env.
create a repo on a build server using the following in fstab
Code:
/srv/www/htdocs/iso/novell-client-2.0-sp2-p2-sle11-i586.iso /srv/www/htdocs/novcli2.sp2/i586 iso9660 user,auto,loop,uid=30,gid=8 0 0
/srv/www/htdocs/iso/novell-client-2.0-sp2-p2-sle11-x86_64.iso /srv/www/htdocs/novcli2.sp2/x86_64 iso9660 user,auto,loop,uid=30,gid=8 0 0
add a repo to the install
zypper -n ar --refresh http://build/novcli2.sp2/$PROC "Novell client 2"
add in bits for ldap
Code:
cd /tmp
wget $WEBPATH/ldap.tbz2
if [ -s ldap.tbz2 ]; then
cd /
tar xjvf /tmp/ldap.tbz2
cd /tmp
fi # if [ -s ldap.tbz2 ];
echo '+::::::' >>/etc/passwd
echo '+' >>/etc/shadow
echo '+:::' >>/etc/group
ldap.tbz2 contains the following after they been changed by 'yast ldap'.
\etc
\etc\ldap.conf
\etc\nsswitch.conf
\etc\openldap
\etc\pam.d
\etc\openldap\ldap.conf
\etc\pam.d\common-account-pc
\etc\pam.d\common-auth-pc
\etc\pam.d\common-password-pc
\etc\pam.d\common-session-pc
add in the client
Code:
zypper --no-refresh --no-gpg-checks -n in -l -t pattern novell-ncl
#lock the files to protect them from future 'zypper dup'
zypper al nici64 novell-client novell-client-script novell-konqueror-plugin novell-nautilus-plugin novell-nmasclient novell-novfsd novell-qtgui novell-ui-base novell-xplatlib novell-xtier-base novell-xtier-core novell-xtier-xplat yast2-novell-client
chkconfig micasad on
configure the client
[CODE]
sed -i s/";net.slp.useScopes.*"/"net.slp.useScopes = FRED, LARRY"/ /etc/slp.conf
sed -i s/";net.slp.DAAddresses.*"/"net.slp.DAAddresses = 10.251.1.99, 10.249.1.99"/ /etc/slp.conf
mkdir -p /etc/opt/novell/ncl
echo Allow_Integrated_Login=true >/etc/opt/novell/ncl/login.conf
echo Default_Tree=XXXXX >>/etc/opt/novell/ncl/login.conf
echo Default_Context=XXX.XXX.XXX >>/etc/opt/novell/ncl/login.conf
echo Default_Server=servername >>/etc/opt/novell/ncl/login.conf
echo DHCP_Tree=true >/etc/opt/novell/ncl/protocol.conf
echo DHCP_Server=true >>/etc/opt/novell/ncl/protocol.conf
[CODE]
(reboot)
These are files installed during build stage, but are used when the client logs in.
in /etc/skel/.novell/ncl, i have a copy of StartupLogin.conf as StartupLogin.conf.new
this file has information in it, but it will be wiped.
in /etc/skel/.kde4/Autostart/logon.sh, i have
Code:
if [ ! ~/.novell/ncl/StartupLogin.conf.new ]; then
mv ~/.novell/ncl/StartupLogin.conf.new ~/.novell/ncl/StartupLogin.conf
FDN=`ldapsearch -x -h 10.251.1.99 -b ou=its,o=fca | grep -i 'dn:' | grep -i $USER | grep -iv workstation`
CONTEXT=`echo $FDN | cut -d, -f2- | sed -e 's/ou=//ig' -e 's/o=//ig' -e 's/,/./ig'`
sed -i "s/UserName.*/UserName = $USER/" ~/.novell/ncl/StartupLogin.conf
sed -i "s/FDN.*/FDN = $FDN/" ~/.novell/ncl/StartupLogin.conf
sed -i "s/Context.*/Context = $CONTEXT/" ~/.novell/ncl/StartupLogin.conf
sudo /bin/update_login.conf.sh $CONTEXT
fi # if [ ! ~/.novell/ncl/StartupLogin.conf.new ];
/bin/update_login.conf.sh has the following and has '%users ALL=(root) NOPASSWD:/bin/update_login.conf.sh' added to /etc/sudoers
Code:
if [ ! -z "$1" ];then
sed -i "s/Default_Context=.*/Default_Context=$1/" /etc/opt/novell/ncl/login.conf
fi
So far this is working well.
The novell login needs to be run once, and on the advanced tab, have the session saved. This then auto runs afterwards for each logon.
as a troubleshooting tool, I :
Code:
cp /etc/etc.1
rsync -avP etc* my-pc:/tmp/
i can then use krusader to compare files (on my-pc), but most importantly, after doing something (eg yast ldap). rerun the rsync line and and it will tell exactly which file(s) changed, so you know which ones to check/keep/alter/etc
hope this helps.
ph

Radius and the Novell Client

Similar Messages

Maybe you are looking for